Commit ab488519 authored by Leigh Stoller's avatar Leigh Stoller

Add password authentication checks.

parent 7ae40c82
......@@ -7,34 +7,21 @@
<?php
include("defs.php3");
#
# Only known and logged in users can end experiments.
#
$uid = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$uid=$Vals[1];
addslashes($uid);
$uid=$Vals[1];
addslashes($uid);
} else {
unset($uid);
}
#
# Only known and logged in users can do this.
#
if (!isset($uid)) {
USERERROR("You must be logged in to sho experiment information!", 1);
unset($uid);
}
LOGGEDINORDIE($uid);
#
# Verify that the uid is known in the database.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT usr_pswd FROM users WHERE uid='$uid'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error confirming user $uid: $err\n", 1);
}
if (($row = mysql_fetch_row($query_result)) == 0) {
USERERROR("You do not appear to have an account!", 1);
}
# Verify form arguments.
#
if (!isset($exp_pideid) ||
strcmp($exp_pideid, "") == 0) {
USERERROR("You must provide an experiment ID.", 1);
......
......@@ -7,34 +7,17 @@
<?php
include("defs.php3");
#
# Only known and logged in users can end experiments.
#
$uid = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$uid=$Vals[1];
addslashes($uid);
$uid=$Vals[1];
addslashes($uid);
} else {
unset($uid);
}
#
# Only known and logged in users can do this.
#
if (!isset($uid)) {
USERERROR("You must be logged in to show experiment information!", 1);
unset($uid);
}
#
# Verify that the uid is known in the database.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT usr_pswd FROM users WHERE uid='$uid'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error confirming user $uid: $err\n", 1);
}
if (($row = mysql_fetch_row($query_result)) == 0) {
USERERROR("You do not appear to have an account!", 1);
}
LOGGEDINORDIE($uid);
#
# Show a menu of all experiments for all projects that this uid
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment